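---
# Confine port 9100/tcp to the "public" firewalld zone: the port is removed
# from every zone and then enabled only in "public". All edits go to the
# permanent configuration and are applied with one reload, so the running
# firewall does not change piecemeal while the play executes.
#
# NOTE(review): "public" does not restrict source addresses; if only known
# hosts need to reach this port, a zone with a bound source or a rich rule
# would narrow exposure further — confirm the requirement with the owners.
- name: Move port 9100/tcp from all zones to public only
  hosts: targets
  become: true
  gather_facts: false
  vars:
    # Port to relocate, in firewalld "<port>/<protocol>" form.
    fw_port: "9100/tcp"
  tasks:
    # Read the PERMANENT zone list: the tasks below edit permanent config,
    # so a zone present only in permanent config must not be skipped.
    - name: Get list of firewalld zones (permanent configuration)
      ansible.builtin.command: firewall-cmd --permanent --get-zones
      register: fw_zones_raw
      changed_when: false  # read-only query

    - name: Set fact with firewalld zones list
      ansible.builtin.set_fact:
        fw_zones: "{{ fw_zones_raw.stdout.split() }}"

    # Removing from "public" here is intentional; the port is re-added below
    # and nothing changes at runtime until the reload.
    - name: Remove port {{ fw_port }} from all zones (permanent)
      ansible.posix.firewalld:
        zone: "{{ item }}"
        port: "{{ fw_port }}"
        state: disabled  # drop the port from this zone
        permanent: true
        immediate: false
      loop: "{{ fw_zones }}"
      register: fw_remove

    - name: Add port {{ fw_port }} only to public zone (permanent)
      ansible.posix.firewalld:
        zone: public
        port: "{{ fw_port }}"
        state: enabled  # open the port in this zone
        permanent: true
        immediate: false
      register: fw_add

    # Reload only when something changed: keeps repeated runs idempotent and
    # avoids discarding runtime-only firewalld rules for no reason.
    - name: Reload firewalld to apply permanent changes
      ansible.builtin.command: firewall-cmd --reload
      when: fw_remove is changed or fw_add is changed
      changed_when: true

    # Confirm the intended end state in the running configuration; the
    # command module fails the task on a non-zero exit code (port absent).
    - name: Verify port {{ fw_port }} is open in public zone
      ansible.builtin.command: firewall-cmd --zone=public --query-port={{ fw_port }}
      register: fw_verify
      changed_when: false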